Gartner: Consumers dissatisfied with online security

The results of a survey conducted by Gartner show online consumers are growing frustrated with the lack of security provided by banks and online retailers, and feel that passwords are no longer sufficient to secure their online transactions.

The findings are the latest conclusions drawn from a survey of 5000 adult Internet users, which concluded in April and show that online consumers want providers to offer more than just passwords to protect online accounts, and that concerns about a lack of security may be hampering the growth of online commerce, according to Avivah Litan, a vice-president and research director at Gartner.

Almost 60 per cent of people surveyed by Gartner said they were concerned or very concerned about online security. Even more important for online retailers: More than 80 per cent of those surveyed said they would buy more from an online vendor who offered them more than just a user name and password to protect their accounts, Litan said.

"The data shows that consumers want more than passwords," she said.

However, there were limits to how far consumers would go to secure their online activities, Litan said.

When asked to choose among technologies to supplement password protections, respondents gave high ratings to low-tech options such as challenge and response features that ask shoppers to provide responses to tailored questions, or shared secret technology that displays shopper-selected images on Web pages to prove the authenticity of e-commerce Web sites. More complicated solutions like security software downloads or so-called "multifactor authentication" that couple smart cards or Universal Serial Bus (USB) tokens with user names and passwords were less popular, Litan said.

The most popular choice for fixing the security of online shopping and banking sites was for providers to be made legally responsible for strict security measures, she said. Those surveyed by Gartneralso indicated that they wanted the choice of using stronger authentication, but didnot want to be forced to use it.

"Our data shows that consumers think the system is easy to use, but they want something that gives them added protection," she said.
Banks and online retailers in the US have lagged behind their counterparts in the European Union and Asia in using strong authentication to secure online transactions, including smart card technology and one-time passwords, she said.

Gartner predicts that by the end of 2007, more than 60 per cent of banks in the US, but fewer than 20 per cent of banks worldwide, will rely on simple passwords for retail customer authentication.

But that may change, especially as retailers and banks contend with a wave of sophisticated online scams known as phishing attacks that lure customers to phony websites and steal their account and financial information, she said.

Latest Videos

​Email fraud is nothing new, but online criminals have become ever more-effective at spoofing their identities to trick employees into sending them money. The Australian Centre for Cyber Security (ACSC) recorded losses of over $20M to business email compromise (BEC) attacks last year alone, up 230 percent over the previous year – and the full amount is certain to be much larger.​

No matter how robust your security, or how diligent your employees, network credentials are a free pass for cybercriminals. This is mostly because employees are relied upon for their own password management. And with more than 4.8 billion sets of stolen credentials said to be available online, odds are that at least a few of your employees’ user IDs and passwords are just waiting to be used by unscrupulous outsiders. Are you ready to stop them?

Cyber resilience will be particularly important as Australian organisations face increased pressure to quickly detect, respond to, and manage the repercussions of breaches in the wake of 2018’s Notifiable Data Breaches (NDB) scheme.

Copyright 2018 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.